build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]. Enable new recommended warnings (except `-Wsign-conversion`): - enable `-Wformat=2` for clang (in both cmake and autotools). - add `CURL_PRINTF()` internal attribute and mark functions accepting printf arguments with it. This is a copy of existing `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible with redefinting the `printf` symbol: https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for mingw-w64 and enable it on this platform. - enable `-Wimplicit-fallthrough`. - enable `-Wtrampolines`. - add `-Wsign-conversion` commented with a FIXME. - cmake: enable `-pedantic-errors` the way we do it with autotools. Follow-up to d5c0351055 #2747 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format checks. Previously it was always disabled due to the internal `printf` macro. Fix them: - fix bug where an `set_ipv6_v6only()` call was missed in builds with `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. - add internal `FALLTHROUGH()` macro. - replace obsolete fall-through comments with `FALLTHROUGH()`. - fix fallthrough markups: Delete redundant ones (showing up as warnings in most cases). Add missing ones. Fix indentation. - silence `-Wformat-nonliteral` warnings with llvm/clang. - fix one `-Wformat-nonliteral` warning. - fix new `-Wformat` and `-Wformat-security` warnings. - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its definition to `lib/curl_setup.h` allowing use in `tests/server`. - lib: fix two wrongly passed string arguments in log outputs. Co-authored-by: Jay Satiro - fix new `-Wformat` warnings on mingw-w64. [1] 56c0fde389/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md Closes #12489
2026-04-14 22:41:40 +03:00 · 2023-12-08 13:05:09 +00:00 · 2023-12-08 13:05:09 +00:00 · 3829759bd0
commit 3829759bd0
parent ba8752e556
88 changed files with 531 additions and 318 deletions
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@ -832,6 +832,8 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
          dnl Only clang 2.9 or later
          if test "$compiler_num" -ge "209"; then
            tmp_CFLAGS="$tmp_CFLAGS -Wno-sign-conversion"
+          # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-conversion])  # FIXME
+          # tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion"          # FIXME
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [shift-sign-overflow])
          # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [padded])  # Not used because we cannot change public structs
          fi
@ -839,6 +841,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
          dnl Only clang 3.0 or later
          if test "$compiler_num" -ge "300"; then
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [language-extension-token])
+            tmp_CFLAGS="$tmp_CFLAGS -Wformat=2"
          fi
          #
          dnl Only clang 3.2 or later
@ -887,6 +890,10 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [assign-enum])
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [extra-semi-stmt])
          fi
+          dnl clang 10 or later
+          if test "$compiler_num" -ge "1000"; then
+            tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough"  # we have silencing markup for clang 10.0 and above only
+          fi
        fi
        dnl Disable pointer to bool conversion warnings since they cause
        dnl lib/securetransp.c cause several warnings for checks we want.
@ -1016,8 +1023,10 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [type-limits old-style-declaration])
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-parameter-type empty-body])
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [clobbered ignored-qualifiers])
-            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion])
+            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion trampolines])
            tmp_CFLAGS="$tmp_CFLAGS -Wno-sign-conversion"
+          # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-conversion])  # FIXME
+          # tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion"          # FIXME
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [vla])
            dnl required for -Warray-bounds, included in -Wall
            tmp_CFLAGS="$tmp_CFLAGS -ftree-vrp"
@ -1063,10 +1072,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
            CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [alloc-zero])
            tmp_CFLAGS="$tmp_CFLAGS -Wformat-overflow=2"
            tmp_CFLAGS="$tmp_CFLAGS -Wformat-truncation=2"
-            if test "$compiler_num" -lt "1200"; then
-              dnl gcc 12 doesn't acknowledge our comment markups
-              tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough=4"
-            fi
+            tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough"
          fi
          #
          dnl Only gcc 10 or later